European victims refuse to bow to Thanos ransomware

Bleeping Computer

A Thanos ransomware campaign targeting mid-level employees of multiple organizations from Austria, Switzerland, and Germany was met by the victims’ refusal to pay the ransoms demanded to have their data decrypted.

Thanos ransomware is a Ransomware-as-a-Service (RaaS) operation advertised on Russian-speaking hacker forums that allows affiliates to customize their own ransomware through a builder offered by the developer.

Some Thanos ransomware samples have previously been tagged as the ransomware strain dubbed Hakbit due to different encryption extensions used by affiliates, Recorded Future’s Insikt Group says that they’re the same malware.

Based on code similarity, string reuse, and core functionality, Insikt Group assesses with high confidence that ransomware samples tracked as Hakbit are built using the Thanos ransomware builder developed by Nosophoros, Insikt Group said in early June.

Full article